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UNITED STATES DISTRICT COURT 
FOR THE DISTRICT OF COLUMBIA 



UNITED STATES OF AMERICA 



V. 



JOSEPH T. COLON, 



Defendant. 



CRIMINAL NO.: 

VIOLATIONS: 18 U.S.C. 

§ 1030(a)(2)(B) 

(Intentionally Accessing a Computer 
While Exceeding Authorized Access 
And Obtaining Information from any 
Department of the United States); 



INFORMATION 



The United States Attorney informs the Court that: 

INTRODUCTION 
At all times material to this Information: 



1 . The defendant, JOSEPH THOMAS COLON, resided at 8 II 6 Tack Lane, Springfield, 
Illinois. 

2. A network is a series of devices, including computers and telecommunication devices, 
connected by communication channels. 

3. A server is a centralized computer that provides services for other computers 
connected to it. 

4. Computer passwords and other data security devices are passwords or devices 
designed to restrict access to or hide computer software, documentation, or data. Data security 
devices may consist of hardware, software, or other programming code. A password (a string of 
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alpha-numeric characters) usually operates as a sort of digital key to "unlock" particular data 
security devices. Data security hardware may include encryption devices, chips, and circuit 
boards. Data security software or digital code may include programming code that creates "test" 
keys or "hot" keys, which perform certain pre-set security functions when touched. Data security 
software or code may also encrypt, compress, hide, or "booby-trap" protected data to make it 
inaccessible or imusable, as well as reverse the process to restore it. 

5. Security Account Manager (SAM) is a database of user and group account information 
"hashes" on Microsoft Windows NT-based computer systems. Hashes are essentially encrypted 
versions of user passwords, but not the actual passwords themselves. A hash is generated by 
applying a 128-bit algorithm to a user password. 

6. Pwdump3.exe ("pwdump") is a free program on the Internet and is used to extract the 
Microsoft Windows NT SAM database of user hashes and account information to a text file. 
Once a user obtains the output of pwdump, the user still does not have access to passwords. 
However, once in a text file, the output of the pwdump program can now be decrypted or 
"cracked". 

7. LOphtcrack (pronounced "loftcrack") is a password decryption tool. Developed by 
"lOpht Heavy Industries" group, this decryption tool identifies password weaknesses. LOphtcrack 
takes the hashed (unreadable) output of the PWDump program and uses a variety of methods to 
make it readable, in other words, to reveal the plain text passwords that correspond to the hash 
values. LOphtcrack decrypts (cracks) the hash by using dictionary word comparisons, lists of 
common passwords, and character substitution techniques, among others. 

8. BAE Systems or BAE (formerly known as DigitialNet) is a contractor employed by 
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the Federal Bureau of Investigation (FBI) to provide support for the conversion of the FBI's 
conversion to a new classified computer networking system (part of a project called the "Trilogy 
project.") 

9. The defendant, JOSEPH THOMAS COLON, was an employee of BAE and was 
assigned to the Springfield, Illinois division of the FBI as of December 8th, 2003, as an 
information technology specialist (ITS) contractor during the time of the offense. 

10. The FBI is part of the Department of Justice and the Department of Justice is an 
executive department as enumerated in Title 5, United States Code Section 101. 

1 1 . The FBI's classified SECRET internal computer network maintains computer servers 
and networks in Washington, D.C.. 

12. The defendant, JOSEPH THOMAS COLON, was not authorized to access the FBI's 
classified SECRET internal computer network's SAM file, that is, the file containing computer 
network usemames and encrypted passwords for all users on the network. 

COUNT ONE 

13. On or about March 2, 2004, at approximately 4:33 p.m. EST, defendant JOSEPH 
THOMAS COLON intentionally accessed a computer in excess of his authorized access and 
thereby obtained information he was not entitled to obtain from a department of the United 
States. 

14. On that date, defendant JOSEPH THOMAS COLON intentionally obtained a SAM 
file from the FBIs classified SECRET computer network that maintains servers in the District of 
Columbia. Defendant obtained the file by executing the pwdump software program. The SAM 
file contained a list of usernames and encrypted passwords for over 38,000 user accounts on the 
FBI's classified computer network. Defendant was not authorized to access the information 
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contained in the SAM file. 

15. Defendant JOSEPH THOMAS COLON subsequently intentionally used LOphtcrack 

software program to decrypt the passwords accompanying the user names. 

(In violation of 18 U.S.C, §1030(a)(2)(B), Exceeding Authorized Access on a 
Government Computer,) 

COUNT TWO 



16. On or about May 24, 2004, at approximately 3:45 p.m. EST, defendant JOSEPH 
THOMAS COLON intentionally accessed a computer in excess of his authorized access and 
thereby obtained information he was not entitled to obtain from a department of the United 
States. 

17. On that date, defendant JOSEPH THOMAS COLON intentionally obtained a SAM 
file from the FBI's classified SECRET computer network that maintains servers in the District of 
Columbia. Defendant obtained the file by executing the pwdump software program. The SAM 
file contained a list of usemames and encrypted passwords for all user accounts on the FBI's 
classified computer network. Defendant was not authorized to access the information contained 
in the SAM file. 

18. Defendant JOSEPH THOMAS COLON subsequently intentionally used LOphtcrack 

software program to decrypt the passwords accompanying the user names. 

(In violation of 18 U.S.C, §1030(a)(2)(B), Exceeding Authorized Access on a 
Government Computer.) 

COUNT THREE 



19. On or about July 26, 2004, at approximately 1 1:49 a..m. EST, defendant JOSEPH 
THOMAS COLON intentionally accessed a computer in excess of his authorized access and 
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thereby obtained information he was not entitled to obtain from a department of the United 
States. 

20. On that date, defendant JOSEPH THOMAS COLON intentionally obtained a SAM 
file from the FBI's classified SECRET computer network that maintains servers in the District of 
Columbia. Defendant obtained the file by executing the pwdump software program. The SAM 
file contained a list of usemames and encrypted passwords for all user accounts on the FBI's 
classified computer network. Defendant was not authorized to access the information contained 
in the SAM file. 

21. Defendant JOSEPH THOMAS COLON subsequently intentionally used LOphtcrack 

software program to decrypt the passwords accompanying the user names. 

(In violation of 18 U.S.C, §1030(a)(2)(B), Exceeding Authorized Access on a 
Government Computer.) 

COUNT FOUR 

22. On or about November 16, 2004, at approximately 4:33 p.m. EST, defendant 
JOSEPH THOMAS COLON intentionally accessed a computer in excess of his authorized 
access and thereby obtained information he was not entitled to obtain from a department of the 
United States. 

23. On that date, defendant JOSEPH THOMAS COLON intentionally obtained a SAM 
file from the FBI's classified SECRET computer network that maintains servers in the District of 
Columbia. Defendant obtained the file by executing the pwdump software program. The SAM 
file contained a list of usemames and encrypted passwords for all user accounts on the FBI's 
classified computer network. Defendant was not authorized to access the information contained 
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in the SAM file. 

24. Defendant JOSEPH THOMAS COLON subsequently intentionally used LOphtcrack 

software program to decrypt the passwords accompanying the user names. 

(In violation of 18 U.S.C, §1030(a)(2)(B), Exceeding Authorized Access on a 
Government Computer.) 



Respectfially submitted, 
KENNETH L. WAINS TEIN 
United States Attorney 
for the District of Columbia 
D.C.Bar No. 451058 

By: 



JOHN CARLIN 

Assistant U.S. Attorney 

Computer Hacking and Intellectual Property Unit 

555 4* Street, N.W. 

Washington, D.C. 20530 

202-353-2457 



